Mandatory Access Control Method for Windows Embedded OS Security

Electronics, 2021, Vol 10 (20), pp. 2478
Author(s): Chaeho Cho, Yeonsang Seong, Yoojae Won

The Windows Embedded operating system (OS) adopts a discretionary access control (DAC)-based policy, but underlying vulnerabilities exist because of external hacker attacks and other factors. In this study, we propose a system that improves the security of the Windows Embedded OS by applying a mandatory access control (MAC) policy in which the access rights of objects, such as files and folders, and subjects’ privileges, such as processes, are compared. We conducted access control tests to verify whether the proposed system could avoid the vulnerabilities of DAC-based systems. Our results indicate that the existing DAC-based security systems could be neutralized if a principal's security policy is removed. However, in the proposed MAC-based Windows Embedded OS, even if the clearance and category values of a subject’s files are given the highest rating, all accesses are automatically denied. Therefore, the execution of all files that were not previously registered on the whitelist was denied, proving that security was improved relative to DAC-based systems.

2013, Vol 373-375, pp. 1634-1637
Author(s): Bo Qu

This paper describes the design and implementation of piping functionality for an ARM-based multi-process mono-kernel embedded operating system, including an overview of inter-process communication and key techniques for designing piping routines, such as getting the i-node for piping, creating a pipe, reading and writing a pipe, and terminating a pipe. Finally, the paper provides a demo example to show the effect. Based on the piping routines described in this paper, a more powerful shell interpreter with redirecting and piping functionalities, as well as other shell commands analogous to those of embedded Linux, can be implemented.


2013, Vol 756-759, pp. 4198-4202
Author(s): Bo Qu, Zhong Xue Yang

This paper describes in detail the design and implementation of signaling routines for a multi-process micro-kernel embedded operating system on ARM, including an overview of signaling, the architecture of the signaling routines, the installation of signals, and the setting and execution of signal handlers. Some essential signaling functions are implemented and commonly used signals are supported, e.g. SIGALRM, SIGINT and SIGCHLD. A signal registration function, signal(), is also designed to set the handler of a signal. On the premise of supporting essential signals, the routines are designed to be as simple as possible in order to reduce the amount of code as well as increase readability. Finally, the paper gives a demo example to show the effect of the signaling routines.


2013, Vol 756-759, pp. 4245-4249
Author(s): Bo Qu

This paper describes the design and implementation of a primitive shell for an embedded OS in technical detail, including the creation of a root file system on an SD card, an overview of the primitive shell, and key techniques for implementing essential shell commands. The primitive shell is designed based on the multi-process micro-kernel embedded operating system on ARM developed by the author of this paper. The shell command files are designed to be simple and compact, making them particularly suited for embedded-related curriculum teaching as well as embedded operating system research.


Author(s): R.A. Dorokhin, O.A. Bezrodnykh, S.N. Smirnov, V.A. Maystrenko

The paper studies the features of the protection system of the operating system Astra Linux 1.6 SE (hereafter OS Astra 1.6 SE). The basic principles of access control, the functional features of the protection modules, the settings of some configuration files of the operating system, and the types and features of classification marks are described. The result of this work is a proposal for configuring the basic access control mechanisms without using a graphical shell, a study of the principle of operation of these mechanisms, and the use of the features of kernel modules and configuration files by information protection units for the design of a security system for computer facilities. This operating system has a specific security system structure, since it includes mechanisms for mandatory access control, allowing access to be denied or allowed depending on the user's authority. The exchange and processing of information occurs with the use of classification labels, which make it possible to delimit information flows of different mandated contexts. These labels are written in accordance with GOST R 58256-2018 “Information security. Information flow control in the information system. Format of classification marks”. The paper analyzes traffic in different mandated sessions, and also considers the behavior of information flows in a network of computers with OS Astra Linux 1.6 SE installed and the security system configured on it. In this case, the exchange of data occurs both with users in the same sessions and with users in different sessions that differ between computers.


2013, Vol 347-350, pp. 1260-1263
Author(s): Bo Qu, Zhong Xue Yang

This paper describes the design and implementation of a NIC driver and simple IP for an embedded OS in technical detail, including the key techniques for designing the NIC driver, Ethernet interface, ARP, IP and ICMP routines. The network routines are implemented for the ARM-based multi-process micro-kernel embedded operating system developed by the author of this paper on the Linux platform with the GNU tool chain. A shell command, ping, is designed to show the effect of network performance. Based on the NIC driver, UDP, TCP and socket routines can be designed further. This multi-process micro-kernel embedded operating system with network capabilities is suitable and helpful for both embedded operating system research and related curriculum teaching.


2008, pp. 1741-1758
Author(s): Charles E. Phillips Jr., Steven A. Demurjian, Thuong Doan, Keith Bessette

Middleware security encompasses a wide range of potential considerations, ranging from the ability to utilize the security capabilities of middleware solutions (for example, CORBA, .NET, J2EE, DCE, and so forth) directly out-of-the-box in support of a distributed application to leveraging the middleware itself (paradigm) to realize complex and intricate security solutions (for example, discretionary access control, role-based access control, mandatory access control, and so forth). The objective in this chapter is to address the latter consideration: examining the attainment of advanced security capabilities using the middleware paradigm, namely, role-based access control (RBAC) and mandatory access control (MAC). The resulting security provides a robust collection of services that is versatile and flexible and easily integrates into a distributed application comprised of interacting legacy, COTS, GOTS, databases, servers, clients, and so forth.

